package ms.platform.system.interceptor;

import java.util.HashSet;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import ms.platform.util.StringUtils;

public class SecurityInterceptor implements HandlerInterceptor{

	@Override
	public void afterCompletion(HttpServletRequest request,
			HttpServletResponse response, Object handler, Exception e)
			throws Exception {
		// TODO Auto-generated method stub
		
	}

	@Override
	public void postHandle(HttpServletRequest request, HttpServletResponse response,
			Object handler, ModelAndView modelAndView) throws Exception {
		// TODO Auto-generated method stub
	}

	@SuppressWarnings("unchecked")
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
			Object handler) throws Exception {
		String adminId = (String) request.getSession().getAttribute("admin");
		HashSet<String> admin_resource = (HashSet<String>) request.getSession().getAttribute("admin_resource");
		
		if(StringUtils.isNotBlank(adminId)){
			String url = request.getRequestURI().replace(request.getContextPath(), "");
			if(StringUtils.isNotBlank(url) && (admin_resource.contains(url) || "/".equals(url))){
				return true;
			}else{
				
			}
		}
		
		response.sendRedirect(request.getContextPath()+"/login");
		return false;
//		return true;
	}

}
